GLBA Nonpublic Personal Information — Financial Services CDP

constraint.glba-nonpublic-personal-information-financial-services ↗

Under the Gramm-Leach-Bliley Act (15 U.S.C. §§ 6801–6827), financial institutions must protect the confidentiality and security of customers' Nonpublic Personal Information (NPI) and provide opt-out rights before sharing NPI with non-affiliated third parties. CDPs used by financial institutions must classify data fields as NPI vs. non-NPI, gate third-party activation on NPI opt-out status, and implement a security program meeting the Safeguards Rule (amended 2021/2023).